--
Ricardo Rodríguez
Research Management and Promotion Technician
Health Research Institute of Santiago de Compostela (IDIS)
http://www.idisantiago.es
________________________________________
From: [email protected] [[email protected]] On Behalf Of Vincent Massol [[email protected]]
Sent: 13 February 2012 18:09
To: XWiki Users
Subject: Re: [xwiki-users] security breach?

On Feb 13, 2012, at 5:47 PM, <[email protected]> <[email protected]> wrote:
Hi!
Under certain circumstances I'm not able to identify, even though I've no access to a given XWiki page, it is possible to access/download its attached files provided you know their URLs.
Please, could you figure out why this could happen? Thanks!
Can you reproduce it? And if so, can we get access to a page showing the symptom or could you tell us how to reproduce?
Without more details it's going to be hard to figure out.
Thanks -Vincent
Hi, Vincent,

No, I've not been able to reproduce it yet. The issue arose some time ago when a user claimed that a paper of his, ready to be published by a first line magazine, appeared indexed by Google even though it was theoretically protected within an XWiki installation. Please, check this:

http://atrium_km.idisantiago.es/bin/Project/Transcan2012 - you must be required to identify

http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/S28BW.numb... - at least from my browsers here, this image is freely accessible... some cache related issue?

http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/idisMotto.... - you are required to identify; this file is attached to the same page!

Vincent, do you remember your account at EPEC Network? Atrium_KM is now the controller of the whole farm. I've changed eBioTIC. look and feel to fit the image requirements of this new initiative. I do hope I'll be able to get it back ASAP! I've created a new account for you there and I'm sending you a new password.

Thanks!

Ricardo
This is causing me some serious problems here. Running XWiki Enterprise 2.4.30451.
Greetings!
Ricardo
-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es
Note: The information contained in this message and any attached documents is private and confidential and is intended solely for its recipient. If you are not the original recipient of this message, please delete it. Distribution or copying of this message is not authorized.
See more languages: http://www.sergas.es/aviso_confidencialidad.htm
users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users